Search Results (47438 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-31802 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
CVE-2023-31801 1 Chamilo 1 Chamilo Lms 2025-01-29 6.1 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
CVE-2023-31800 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
CVE-2023-31807 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function.
CVE-2023-31806 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function.
CVE-2023-31805 1 Chamilo 1 Chamilo Lms 2025-01-29 4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function.
CVE-2023-2427 1 Phpmyfaq 1 Phpmyfaq 2025-01-29 4.8 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13.
CVE-2023-30619 1 Enalean 1 Tuleap 2025-01-29 5.4 Medium
Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.
CVE-2023-2521 1 Ez-net 2 Next-7004n, Next-7004n Firmware 2025-01-29 3.5 Low
A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-23470 1 Ibm 1 I 2025-01-29 6.4 Medium
IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510.
CVE-2023-1094 1 Monicahq 1 Monica 2025-01-29 8 High
MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter.
CVE-2020-19660 1 Ipandao 1 Editor.md 2025-01-29 6.1 Medium
Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values.
CVE-2020-18282 1 5none 1 Nonecms 2025-01-29 6.1 Medium
Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature.
CVE-2020-18132 1 Mipcms 1 Mipcms 2025-01-29 4.8 Medium
Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit.
CVE-2023-2566 1 Open-emr 1 Openemr 2025-01-29 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1.
CVE-2023-31180 1 Wjjsoft 1 Innokb 2025-01-29 6.1 Medium
WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.
CVE-2024-43152 1 3dflipbook 1 3d Flipbook 2025-01-29 5.9 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in iberezansky 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery allows Stored XSS.This issue affects 3D FlipBook – PDF Flipbook Viewer, Flipbook Image Gallery: from n/a through 1.15.6.
CVE-2023-24957 1 Ibm 1 Business Automation Workflow 2025-01-29 5.4 Medium
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
CVE-2022-43866 1 Ibm 1 Maximo Asset Management 2025-01-29 5.4 Medium
IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436.
CVE-2023-31183 1 Cybonet 1 Pineapp Mail Secure 2025-01-29 6.1 Medium
Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.